Liontree

**Name of the Vulnerable Software and Affected Versions** RTMKit versions through 1.6.8 **Description** The RTMKit plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the `themebuilder` parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a site administrator into performing an action, such as clicking a malicious link. **Recommendations** Update RTMKit to a version later than 1.6.8.

**Name of the Vulnerable Software and Affected Versions** Feeds for YouTube Pro plugin for WordPress versions prior to 2.6.0 **Description** The Feeds for YouTube Pro plugin for WordPress is susceptible to unauthorized access to files. This is caused by inadequate validation of data provided by users, which is then used in file operations. An attacker who successfully exploits this issue can read the contents of arbitrary files on the server, potentially exposing sensitive information. This is possible when the 'Save Featured Images' setting is enabled and 'Disable WP Posts' is disabled. The issue affects unauthenticated users. **Recommendations** Update the Feeds for YouTube Pro plugin to version 2.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** admesh versions up to 0.98.5 **Description** A security flaw exists in admesh up to version 0.98.5. The issue resides in the `stl check normal vector` function within the `src/normals.c` file, leading to a heap-based buffer overflow when a manipulation is performed. The attack requires local access. The exploit has been publicly released. **Recommendations** Versions prior to 0.98.5 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contact Form 7 Redirection plugin for WordPress versions up to and including 3.2.7 **Description** The plugin is susceptible to arbitrary file uploads because of a lack of file type validation within the `move file to upload` function. This allows unauthenticated attackers to copy arbitrary files on the server of the affected site. If the PHP configuration setting `allow url fopen` is enabled, attackers can upload remote files to the server. **Recommendations** Update to a version beyond 3.2.7.

**Name of the Vulnerable Software and Affected Versions** Hubbub Lite versions up to and including 1.36.0 **Description** The Hubbub Lite – Fast, free social sharing and follow buttons plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is present via the `dpsp list attention search` parameter. **Recommendations** Versions prior to and including 1.36.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** Blog2Social: Social Media Auto Post & Scheduler versions prior to 8.6.1 **Description** The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is susceptible to a Server-Side Request Forgery issue in versions up to and including 8.6.0. Authenticated attackers with Subscriber-level access or higher can leverage this to make web requests to arbitrary locations from the web application. This could allow them to query and modify information from internal services via the `getFullContent()` function. The vulnerable parameter is `post url`. **Recommendations** Update Blog2Social: Social Media Auto Post & Scheduler to version 8.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** Premium Portfolio Features for Phlox theme plugin for WordPress versions prior to 2.3.11 **Description** The Premium Portfolio Features for Phlox theme plugin for WordPress is susceptible to Local File Inclusion in versions prior to 2.3.11. This allows unauthenticated attackers to include and execute arbitrary .php files on the server, potentially enabling them to bypass access controls, obtain sensitive data, or achieve code execution if .php file uploads are permitted. The issue is triggered through the `args[extra template path]` parameter. **Recommendations** Update the Premium Portfolio Features for Phlox theme plugin for WordPress to version 2.3.11 or later. As a temporary workaround, restrict access to the `args[extra template path]` parameter.

**Name of the Vulnerable Software and Affected Versions** HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to and including 1.3.7.1 **Description** The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is susceptible to blind SQL Injection through the `phrase` parameter. This is due to inadequate escaping of user-supplied input and insufficient preparation of the SQL query. This allows unauthenticated attackers to inject additional SQL queries, potentially extracting sensitive information from the database. **Recommendations** Update the HUSKY – Products Filter Professional for WooCommerce plugin for WordPress to a version later than 1.3.7.1.

**Name of the Vulnerable Software and Affected Versions** Element Pack Addons for Elementor plugin for WordPress versions up to and including 8.2.5 **Description** The Element Pack Addons for Elementor plugin for WordPress is susceptible to a Blind Server-Side Request Forgery issue. This affects versions up to and including 8.2.5. Authenticated attackers with Subscriber-level access or higher can exploit this to make web requests to arbitrary locations from the web application. This can potentially allow querying and modification of information from internal services via the `wp ajax import elementor template` action. **Recommendations** Update Element Pack Addons for Elementor plugin for WordPress to a version later than 8.2.5.

**Name of the Vulnerable Software and Affected Versions** AffiliateWP plugin for WordPress versions up to and including 2.28.2 **Description** The AffiliateWP plugin for WordPress is susceptible to SQL Injection through the `ajax get affiliate id from login` function. This is due to inadequate escaping of user-supplied input and insufficient preparation of the existing SQL query. This allows unauthenticated attackers to inject additional SQL queries, potentially extracting sensitive information from the database. The vulnerable parameter is not explicitly specified. **Recommendations** Update the AffiliateWP plugin to a version later than 2.28.2.